Nigeria Computer Society 11 th International Conference Theme: e-Government & National Security 24 th – 26 th July, 2013 Public Key Infrastructure Taofeeq Olatinwo Harmony Worldwide Inc. www.harmonycanada.com www.hwwgs.com 25 th July 2013 1
Table of Contents • Introduction Introduction • History of PKI History of PKI • What is PKI? What is PKI? • Benefits of PKI Benefits of PKI • Areas of Application • Areas of Application • What’s going on? What’s going on? • Challenges Challenges • Mitigations Mitigations • Recommendations & Conclusion Recommendations & Conclusion 2
Introduction Nigeria’s economy is growing fast resulting in: Nigeria’s economy is growing fast resulting in: • – growing middle class, and more reliance on technology and the growing middle class, and more reliance on technology and the internet. internet. • Nigeria is expected to support 70 million internet users by 2015, up from just Nigeria is expected to support 70 million internet users by 2015, up from just 45 million today. 45 million today. – Increase in cyber crime, as more and more citizens connect to the Increase in cyber crime, as more and more citizens connect to the internet and the web using smart phones, high capacity 3G and 4G internet and the web using smart phones, high capacity 3G and 4G cellular networks. cellular networks. Internet penetration is far lower in Africa- just 29% in Nigeria and Internet penetration is far lower in Africa- just 29% in Nigeria and • 14% in South Africa, compared to 78% in the United States of 14% in South Africa, compared to 78% in the United States of America (USA). America (USA). – From internetworldstats in October 2012, Security Intelligence Report From internetworldstats in October 2012, Security Intelligence Report But, Nigeria is reputed to be one of the leading cyber crime But, Nigeria is reputed to be one of the leading cyber crime • perpetrators in the world. perpetrators in the world. In addition, Nigeria is susceptible to Cyber Espionage. In addition, Nigeria is susceptible to Cyber Espionage. • 3
History of PKI The public disclosure of both secure key The public disclosure of both secure key exchange and asymmetric key algorithms in 1976 exchange and asymmetric key algorithms in 1976 by Diffie, Hellman, Rivest, Shamir, and by Diffie, Hellman, Rivest, Shamir, and Adleman changed secure communications entirely. Adleman changed secure communications entirely. This has been influenced further by: This has been influenced further by: – development of high speed digital electronic development of high speed digital electronic communications (the Internet and its predecessors), communications (the Internet and its predecessors), – a need to know which users could securely a need to know which users could securely communicate with each other, and communicate with each other, and – for users to be sure with whom they were actually for users to be sure with whom they were actually interacting. interacting. 4
What is PKI? • A public-key infrastructure ( PKI ) is a set of A public-key infrastructure ( PKI ) is a set of hardware, software, people, policies, and hardware, software, people, policies, and procedures needed to create, manage, distribute, procedures needed to create, manage, distribute, use, store, and revoke digital certificates. use, store, and revoke digital certificates. - From Wikipedia - From Wikipedia CA – Certificate Authority VA – Validation Authority RA – Registration Authority 5
Benefits of PKI • Creates digital signatures detailing the Creates digital signatures detailing the information about a specific transaction in order information about a specific transaction in order to forestall electronic transaction crimes. to forestall electronic transaction crimes. • Confirms or authenticate people or parties • Confirms or authenticate people or parties involved in the transaction involved in the transaction • Reduces or eliminates outrageous claims and Reduces or eliminates outrageous claims and legal tussles resulting from financial transactions legal tussles resulting from financial transactions • Helps in ensuring confidentiality of data or Helps in ensuring confidentiality of data or information information 6
PKI Areas of Application Online/mobile banking Online/mobile banking • Online tax filing Online tax filing • Land records Land records • Health Health • Education Education • e-procurement e-procurement • • Import/export community/customs Import/export community/customs • Online line vat returns Online line vat returns • Police Police • Defense Defense • Judiciary details Judiciary details • Government Press Releases Government Press Releases • Document management system Document management system • 7
What’s Going On in Nigeria? • e-Government initiatives e-Government initiatives • ePassport – Immigration Application ePassport – Immigration Application • ASYCUDA – Customs Application ASYCUDA – Customs Application • Federal Government Web Portals Federal Government Web Portals • State Government Web Portals • State Government Web Portals • Banks – Online transactions (Cashless policy) Banks – Online transactions (Cashless policy) • PKI Blueprint (NITDA) PKI Blueprint (NITDA) • National Security Bill (Draft) National Security Bill (Draft) • etc etc 8
Challenges • Adoption of Public Key Infrastructure (PKI) was initially Adoption of Public Key Infrastructure (PKI) was initially – complex complex – costly costly – difficult to deploy and difficult to deploy and – time-consuming to maintain. – time-consuming to maintain. • Security is a chain; it is only as strong as the weakest Security is a chain; it is only as strong as the weakest link. The security of any CA-based system is based on link. The security of any CA-based system is based on many links, and they are not all cryptographic. many links, and they are not all cryptographic. • People are involved. People are involved. 9
Mitigating the Issues & Risks • Cost: Use PPP to develop a business model for KPI Cost: Use PPP to develop a business model for KPI implementation implementation • Complex: Engage IT Security & Project Management Complex: Engage IT Security & Project Management Professionals to implement Professionals to implement • Time: Be proactive by starting early and be focused • Time: Be proactive by starting early and be focused • People: People: – Change Management through transition and Change Management through transition and transformation transformation – Develop a clear policy with metrics to measure Develop a clear policy with metrics to measure performance and incorporate reward and consequence performance and incorporate reward and consequence management management 10
Some Examples Banks in Nigeria Banks in Nigeria • Government of Ontario, Canada Government of Ontario, Canada • Government of Saskatchewan, Canada Government of Saskatchewan, Canada • Government of Michigan, USA Government of Michigan, USA • University of Chicago Medical Centre, IL, USA University of Chicago Medical Centre, IL, USA • Multi-National Enterprises Multi-National Enterprises • • – Shell, HP, Microsoft, IBM, SAP, etc Shell, HP, Microsoft, IBM, SAP, etc USA Defense Information Systems Agency (DISA) - Common Access USA Defense Information Systems Agency (DISA) - Common Access • Cards program (considered the largest PKI implementation to date) Cards program (considered the largest PKI implementation to date) Overall, PKI has had the most success in government implementations Overall, PKI has had the most success in government implementations 11
Recommendation In our goal to attain vision 2020, the Government needs to take In our goal to attain vision 2020, the Government needs to take advantage of PKI to curb Cybercrime and improve our image . advantage of PKI to curb Cybercrime and improve our image . • Approve the PKI Blueprint developed by NITDA and start the Approve the PKI Blueprint developed by NITDA and start the implementation for all e-Government systems implementation for all e-Government systems • Continue and complete the establishment of a fully functional Continue and complete the establishment of a fully functional national digital forensic laboratory in the office of the NSA national digital forensic laboratory in the office of the NSA • Work with IT professionals, investors and entrepreneurs to Work with IT professionals, investors and entrepreneurs to develop a sustainable and secure platform for cyber develop a sustainable and secure platform for cyber accessibility, secured transaction and credible identity accessibility, secured transaction and credible identity • Establish steps to protect all critical information infrastructure Establish steps to protect all critical information infrastructure and secure computer systems and networks in Nigeria and secure computer systems and networks in Nigeria • Ensure adequate provision of Project Management, Transition Ensure adequate provision of Project Management, Transition and Transformation Management; and Sustainment and Transformation Management; and Sustainment 12
Recommend
More recommend
